<?php
/**
 * 网站后台管理系统-登录
 * @author 邝达峰
 * @date 2014年3月3日 
 * @version 3.0
 */

class Login extends BaseAction
{
	/**
	 * 初始化
	 */
	public function _init()
	{

	}

	/**
	 * 默认动作
	 */
	protected function _default()
	{
		if($_SERVER['REQUEST_METHOD']=='POST'){
			$strUserName = $this->getParam('username');
			$strUserPass = $this->getParam('password');
			#判断登录状况
			if(strlen($strUserName) > 24){
				$this->alertGoto('非法账户！','/admins/');
			}
			if(empty($strUserName) || empty($strUserPass)){
				$this->alertGoto('非法操作！','/admins/');
			}
			#获取登录次数
			$intLoginNum = $this->session()->getSession('system_login_num');
			#登录限制次数
			$intLoginLimit = 5;
			if(empty($intLoginNum)){
				$this->session()->writeSession('system_login_num',0);
			}
			if(++$intLoginNum > $intLoginLimit){
				$this->alertGoto('尝试登录超过',$intLoginLimit,'次登录！请联系管理员！','/admins/');
			}
			#创建数据库操作对象
			$objAdmins = $this->getModel('admins');
			#查询登录信息
			$mysqlData = $objAdmins->getUserInfo($strUserName);
			
			if(count($mysqlData) > 1){
				$this->alertGoto('非法操作.！','/admins/');
			}
			if(empty($mysqlData))
			{
				$this->alertGoto('用户名不存在！请重新输入！','/admins/');
			}
			#检查用户名是否一致
			$crypt = new Crypt();//密码加密
			$userpwd = $crypt->decode($mysqlData[0]['PASSWORD']);
			if($mysqlData[0]['USERNAME'] != $strUserName){
				$this->alertGoto('用户名不存在！请重新输入！','/admins/');
			}
			#检查登录密码否一致
			if($strUserPass != $userpwd )
			{
				$this->alertGoto('密码有误！请重新输入！','/admins/');
			}
			#超级账户菜单处理
		    if($mysqlData[0]['ADMINID']==1 || $mysqlData[0]['USERNAME']=='admin'){
				$arrMenuInfo = $objAdmins->getMenuData();
				if(is_array($arrMenuInfo) && count($arrMenuInfo) > 0){
					$arrAdminMenu = array();
					foreach($arrMenuInfo as $v){
						array_push($arrAdminMenu,$v['MENUID']);
					}
					$mysqlData[0]['MENUID'] = implode(',',$arrAdminMenu);
				}
			}
			#设置登录信息session
			$this->session()->batchSetSession($mysqlData[0]);
			#设置系统运行模式
			$this->session()->writeSession('system_run_mode',SYSTEM_RUM_MODE);
			if($mysqlData[0]['MENUID']){
				#写后台操作日志
				$objAdmins->log('登录',$_GET['action'],'登录系统后台');
				#设置cookie
				setcookie('adid', Generator::logEnCode($mysqlData[0]['ADMINID']), time() + 3600, '/admins/');
				#登录成功
				$this->goTo301('/admins/');
			}else{
				$this->alertGoto('非法操作！','/admins/login.html');
			}
		}
		
	}

}
?>
